Google relents—adds system password prompt before displaying web passwords

Nov 05, 2013 by Bob Yirka weblog

(Phys.org) —This past summer it was widely reported that Google Chrome had a web security flaw—all of the passwords that were saved for various web sites could be displayed by anyone gaining physical access to a computer, by typing in a simple command. That prompted a lot of people to criticize Google for its lackadaisical approach to web security for its user community. Google defended itself by noting that if someone gained physical access to someone else's computer and were able to use their Chrome browser, they would be able to access all of the web sites that the original owner had saved anyway (because the login and passwords would be filled in automatically), regardless of whether they could see the passwords, which were stored on the local hard drive in plain text.

Now it appears that Google has had a change of heart, at least as it applies to Mac users—Chromium developer François Beaufort has announced on his Google+ page that Google has implemented a "fix" for the problem for users of the Chromium Build for Mac. Now, if a sneaky person gains physical access to someone else's computer and tries to get the browser to show all of the saved , they will be prompted to first type in the Mac OS password. Of course, that still won't stop them from visiting and logging in automatically (because the passwords have still been saved after all) to whatever web sites they find in the list of favorites, their history, etc.

It's not clear why Google had a change of heart, or if the change will be made to Google Chrome (Windows) or if it will, how long that might take. Last summer, company reps said making such a change to Chrome would give users a false sense of security. They suggested that users lock their computer when away from the keyboard to give themselves a true security system.

It's clear that forcing users to type in a system password will prevent miscreants from quickly printing out a list of logins/passwords—whether it will also lull them into a false of remains to be seen—at least for Mac users.

Explore further: Seoul, Toyko pledge to work with US to combat cyber crime

Related Stories

Google vision of password rings heard at security event

Mar 13, 2013

(Phys.org) —Google finds much appeal in gaining the distinction of leading the way toward a future where USB sticks and rings can replace traditional passwords. The idea of killing off passwords has been ...

Recommended for you

US seeks China's help after cyberattack

10 hours ago

The United States is asking China for help as it weighs potential responses to a cyberattack against Sony Pictures Entertainment that the U.S. has blamed on North Korea.

Impoverished North Korea falls back on cyber weapons

Dec 19, 2014

As one of the world's most impoverished powers, North Korea would struggle to match America's military or economic might, but appears to have settled on a relatively cheap method to torment its foe.

Five ways to make your email safer in case of a hack attack

Dec 19, 2014

The Sony hack, the latest in a wave of company security breaches, exposed months of employee emails. Other hacks have given attackers access to sensitive information about a company and its customers, such as credit-card ...

User comments : 3

Adjust slider to filter visible comments by rank

Display comments: newest first

evropej
1 / 5 (6) Nov 05, 2013
Logging into a site is one thing, getting the password to log in from any pc is another. This is what happens when you get so big and go from technology development to groogling the world with spam.
Zera
1 / 5 (6) Nov 05, 2013
check out lightbeam - google sits at the centre of just about every interaction you have with the "web"
Ducklet
1 / 5 (5) Nov 05, 2013
The password has to be available in plaintext anyway, at some point, or the browser won't be able to auto-fill it.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.